Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3bdaf5871066
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: c0a32366cbe6
Choose a head ref
  • 4 commits
  • 6 files changed
  • 1 contributor

Commits on Jul 3, 2019

  1. wordpress: 5.02 -> 5.2.2

    @aanderse
    aanderse committed Jul 3, 2019
    Copy the full SHA
    e1857b7 View commit details

  2. nixos/wordpress: create module to replace the httpd subservice

    @aanderse
    aanderse committed Jul 3, 2019
    Copy the full SHA
    aa05aad View commit details

  3. nixos/wordpress: add release notes for 19.09

    @aanderse
    aanderse committed Jul 3, 2019
    Copy the full SHA
    b9e6838 View commit details

Commits on Jul 4, 2019

  1. Merge pull request #62175 from aanderse/wordpress 

    wordpress: create module to replace the httpd subservice
    @aanderse
    aanderse authored Jul 4, 2019

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    c0a3236 View commit details
7 changes: 4 additions & 3 deletions nixos/doc/manual/release-notes/rl-1909.xml
View file
Original file line number Diff line number Diff line change
@@ -131,9 +131,10 @@
</listitem>
<listitem>
<para>
The limesurvey apache subservice was replaced with a full NixOS module.
One can configure it using the <option>services.limesurvey.enable</option>
and <option>services.limesurvey.virtualHost</option> options.
Several of the apache subservices have been replaced with full NixOS
modules including LimeSurvey and WordPress.
These modules can be enabled using the <option>services.limesurvey.enable</option>
and <option>services.wordpress.enable</option> options.
</para>
</listitem>
<listitem>
1 change: 1 addition & 0 deletions nixos/modules/module-list.nix
View file
Original file line number Diff line number Diff line change
@@ -779,6 +779,7 @@
./services/web-apps/tt-rss.nix
./services/web-apps/selfoss.nix
./services/web-apps/virtlyst.nix
./services/web-apps/wordpress.nix
./services/web-apps/youtrack.nix
./services/web-servers/apache-httpd/default.nix
./services/web-servers/caddy.nix
371 changes: 371 additions & 0 deletions nixos/modules/services/web-apps/wordpress.nix
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,371 @@
{ config, pkgs, lib, ... }:

let
inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption types;
inherit (lib) any attrValues concatMapStringsSep flatten literalExample;
inherit (lib) mapAttrs' mapAttrsToList nameValuePair optional optionalAttrs optionalString;

eachSite = config.services.wordpress;
user = "wordpress";
group = config.services.httpd.group;
stateDir = hostName: "/var/lib/wordpress/${hostName}";

pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec {
pname = "wordpress-${hostName}";
version = src.version;
src = cfg.package;

installPhase = ''
mkdir -p $out
cp -r * $out/
# symlink the wordpress config
ln -s ${wpConfig hostName cfg} $out/share/wordpress/wp-config.php
# symlink uploads directory
ln -s ${cfg.uploadsDir} $out/share/wordpress/wp-content/uploads
# https://github.com/NixOS/nixpkgs/pull/53399
#
# Symlinking works for most plugins and themes, but Avada, for instance, fails to
# understand the symlink, causing its file path stripping to fail. This results in
# requests that look like: https://example.com/wp-content//nix/store/...plugin/path/some-file.js
# Since hard linking directories is not allowed, copying is the next best thing.
# copy additional plugin(s) and theme(s)
${concatMapStringsSep "\n" (theme: "cp -r ${theme} $out/share/wordpress/wp-content/themes/${theme.name}") cfg.themes}
${concatMapStringsSep "\n" (plugin: "cp -r ${plugin} $out/share/wordpress/wp-content/plugins/${plugin.name}") cfg.plugins}
'';
};

wpConfig = hostName: cfg: pkgs.writeText "wp-config-${hostName}.php" ''
<?php
define('DB_NAME', '${cfg.database.name}');
define('DB_HOST', '${cfg.database.host}:${if cfg.database.socket != null then cfg.database.socket else toString cfg.database.port}');
define('DB_USER', '${cfg.database.user}');
${optionalString (cfg.database.passwordFile != null) "define('DB_PASSWORD', file_get_contents('${cfg.database.passwordFile}'));"}
define('DB_CHARSET', 'utf8');
$table_prefix = '${cfg.database.tablePrefix}';
require_once('${stateDir hostName}/secret-keys.php');
# wordpress is installed onto a read-only file system
define('DISALLOW_FILE_EDIT', true);
define('AUTOMATIC_UPDATER_DISABLED', true);
${cfg.extraConfig}
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
require_once(ABSPATH . 'wp-settings.php');
?>
'';

siteOpts = { lib, name, ... }:
{
options = {
package = mkOption {
type = types.package;
default = pkgs.wordpress;
description = "Which WordPress package to use.";
};

uploadsDir = mkOption {
type = types.path;
default = "/var/lib/wordpress/${name}/uploads";
description = ''
This directory is used for uploads of pictures. The directory passed here is automatically
created and permissions adjusted as required.
'';
};

plugins = mkOption {
type = types.listOf types.path;
default = [];
description = ''
List of path(s) to respective plugin(s) which are copied from the 'plugins' directory.
<note><para>These plugins need to be packaged before use, see example.</para></note>
'';
example = ''
# Wordpress plugin 'embed-pdf-viewer' installation example
embedPdfViewerPlugin = pkgs.stdenv.mkDerivation {
name = "embed-pdf-viewer-plugin";
# Download the theme from the wordpress site
src = pkgs.fetchurl {
url = https://downloads.wordpress.org/plugin/embed-pdf-viewer.2.0.3.zip;
sha256 = "1rhba5h5fjlhy8p05zf0p14c9iagfh96y91r36ni0rmk6y891lyd";
};
# We need unzip to build this package
buildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
And then pass this theme to the themes list like this:
plugins = [ embedPdfViewerPlugin ];
'';
};

themes = mkOption {
type = types.listOf types.path;
default = [];
description = ''
List of path(s) to respective theme(s) which are copied from the 'theme' directory.
<note><para>These themes need to be packaged before use, see example.</para></note>
'';
example = ''
# For shits and giggles, let's package the responsive theme
responsiveTheme = pkgs.stdenv.mkDerivation {
name = "responsive-theme";
# Download the theme from the wordpress site
src = pkgs.fetchurl {
url = https://downloads.wordpress.org/theme/responsive.3.14.zip;
sha256 = "0rjwm811f4aa4q43r77zxlpklyb85q08f9c8ns2akcarrvj5ydx3";
};
# We need unzip to build this package
buildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
And then pass this theme to the themes list like this:
themes = [ responsiveTheme ];
'';
};

database = rec {
host = mkOption {
type = types.str;
default = "localhost";
description = "Database host address.";
};

port = mkOption {
type = types.port;
default = 3306;
description = "Database host port.";
};

name = mkOption {
type = types.str;
default = "wordpress";
description = "Database name.";
};

user = mkOption {
type = types.str;
default = "wordpress";
description = "Database user.";
};

passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/wordpress-dbpassword";
description = ''
A file containing the password corresponding to
<option>database.user</option>.
'';
};

tablePrefix = mkOption {
type = types.str;
default = "wp_";
description = ''
The $table_prefix is the value placed in the front of your database tables.
Change the value if you want to use something other than wp_ for your database
prefix. Typically this is changed if you are installing multiple WordPress blogs
in the same database.
See <link xlink:href='https://codex.wordpress.org/Editing_wp-config.php#table_prefix'/>.
'';
};

socket = mkOption {
type = types.nullOr types.path;
default = null;
defaultText = "/run/mysqld/mysqld.sock";
description = "Path to the unix socket file to use for authentication.";
};

createLocally = mkOption {
type = types.bool;
default = true;
description = "Create the database and database user locally.";
};
};

virtualHost = mkOption {
type = types.submodule ({
options = import ../web-servers/apache-httpd/per-server-options.nix {
inherit lib;
forMainServer = false;
};
});
example = literalExample ''
{
enableSSL = true;
adminAddr = "webmaster@example.org";
sslServerCert = "/var/lib/acme/wordpress.example.org/full.pem";
sslServerKey = "/var/lib/acme/wordpress.example.org/key.pem";
}
'';
description = ''
Apache configuration can be done by adapting <option>services.httpd.virtualHosts</option>.
'';
};

poolConfig = mkOption {
type = types.lines;
default = ''
pm = dynamic
pm.max_children = 32
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 4
pm.max_requests = 500
'';
description = ''
Options for the WordPress PHP pool. See the documentation on <literal>php-fpm.conf</literal>
for details on configuration directives.
'';
};

extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
Any additional text to be appended to the wp-config.php
configuration file. This is a PHP script. For configuration
settings, see <link xlink:href='https://codex.wordpress.org/Editing_wp-config.php'/>.
'';
example = ''
define( 'AUTOSAVE_INTERVAL', 60 ); // Seconds
'';
};
};

config.virtualHost.hostName = mkDefault name;
};
in
{
# interface
options = {
services.wordpress = mkOption {
type = types.attrsOf (types.submodule siteOpts);
default = {};
description = "Specification of one or more WordPress sites to serve via Apache.";
};
};

# implementation
config = mkIf (eachSite != {}) {

assertions = mapAttrsToList (hostName: cfg:
{ assertion = cfg.database.createLocally -> cfg.database.user == user;
message = "services.wordpress.${hostName}.database.user must be ${user} if the database is to be automatically provisioned";
}
) eachSite;

services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) {
enable = true;
package = mkDefault pkgs.mariadb;
ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite;
ensureUsers = mapAttrsToList (hostName: cfg:
{ name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}
) eachSite;
};

services.phpfpm.pools = mapAttrs' (hostName: cfg: (
nameValuePair "wordpress-${hostName}" {
listen = "/run/phpfpm/wordpress-${hostName}.sock";
extraConfig = ''
listen.owner = ${config.services.httpd.user}
listen.group = ${config.services.httpd.group}
user = ${user}
group = ${group}
${cfg.poolConfig}
'';
}
)) eachSite;

services.httpd = {
enable = true;
extraModules = [ "proxy_fcgi" ];
virtualHosts = mapAttrsToList (hostName: cfg:
(mkMerge [
cfg.virtualHost {
documentRoot = mkForce "${pkg hostName cfg}/share/wordpress";
extraConfig = ''
<Directory "${pkg hostName cfg}/share/wordpress">
<FilesMatch "\.php$">
<If "-f %{REQUEST_FILENAME}">
SetHandler "proxy:unix:/run/phpfpm/wordpress-${hostName}.sock|fcgi://localhost/"
</If>
</FilesMatch>
# standard wordpress .htaccess contents
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
DirectoryIndex index.php
Require all granted
Options +FollowSymLinks
</Directory>
# https://wordpress.org/support/article/hardening-wordpress/#securing-wp-config-php
<Files wp-config.php>
Require all denied
</Files>
'';
}
])
) eachSite;
};

systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [
"d '${stateDir hostName}' 0750 ${user} ${group} - -"
"d '${cfg.uploadsDir}' 0750 ${user} ${group} - -"
"Z '${cfg.uploadsDir}' 0750 ${user} ${group} - -"
]) eachSite);

systemd.services = mkMerge [
(mapAttrs' (hostName: cfg: (
nameValuePair "wordpress-init-${hostName}" {
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-wordpress-${hostName}.service" ];
after = optional cfg.database.createLocally "mysql.service";
script = ''
if ! test -e "${stateDir hostName}/secret-keys.php"; then
echo "<?php" >> "${stateDir hostName}/secret-keys.php"
${pkgs.curl}/bin/curl -s https://api.wordpress.org/secret-key/1.1/salt/ >> "${stateDir hostName}/secret-keys.php"
echo "?>" >> "${stateDir hostName}/secret-keys.php"
chmod 440 "${stateDir hostName}/secret-keys.php"
fi
'';

serviceConfig = {
Type = "oneshot";
User = user;
Group = group;
};
})) eachSite)

(optionalAttrs (any (v: v.database.createLocally) (attrValues eachSite)) {
httpd.after = [ "mysql.service" ];
})
];

users.users.${user}.group = group;

};
}
285 changes: 0 additions & 285 deletions nixos/modules/services/web-servers/apache-httpd/wordpress.nix
View file

This file was deleted.

65 changes: 27 additions & 38 deletions nixos/tests/wordpress.nix
View file
Original file line number Diff line number Diff line change
@@ -6,48 +6,37 @@ import ./make-test.nix ({ pkgs, ... }:
maintainers = [ grahamc ]; # under duress!
};

nodes =
{ web =
{ pkgs, ... }:
{
services.mysql = {
enable = true;
package = pkgs.mysql;
};
services.httpd = {
enable = true;
logPerVirtualHost = true;
adminAddr="js@lastlog.de";

virtualHosts = [
{
hostName = "wordpress";
extraSubservices =
[
{
serviceType = "wordpress";
dbPassword = "wordpress";
dbHost = "127.0.0.1";
languages = [ "de_DE" "en_GB" ];
}
];
}
];
};
};
};

testScript =
machine =
{ ... }:
''
startAll;
{ services.httpd.adminAddr = "webmaster@site.local";
services.httpd.logPerVirtualHost = true;

services.wordpress."site1.local" = {
database.tablePrefix = "site1_";
};

$web->waitForUnit("mysql");
$web->waitForUnit("httpd");
services.wordpress."site2.local" = {
database.tablePrefix = "site2_";
};

networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ];

# required for wordpress-init.service to succeed
systemd.tmpfiles.rules = [
"F /var/lib/wordpress/site1.local/secret-keys.php 0440 wordpress wwwrun - -"
"F /var/lib/wordpress/site2.local/secret-keys.php 0440 wordpress wwwrun - -"
];
};

$web->succeed("curl -L 127.0.0.1:80 | grep 'Welcome to the famous'");
testScript = ''
startAll;
$machine->waitForUnit("httpd");
$machine->waitForUnit("phpfpm-wordpress-site1.local");
$machine->waitForUnit("phpfpm-wordpress-site2.local");
'';
$machine->succeed("curl -L site1.local | grep 'Welcome to the famous'");
$machine->succeed("curl -L site2.local | grep 'Welcome to the famous'");
'';

})
33 changes: 22 additions & 11 deletions pkgs/servers/web-apps/wordpress/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,24 @@
# Upgrading? We have a test! nix-build ./nixos/tests/wordpress.nix
{ fetchFromGitHub, lib } : fetchFromGitHub {
owner = "WordPress";
repo = "WordPress";
rev = "5.0.2";
sha256 = "1r8y62mdv6ji82hcn94gngi68mwilxh69gpx8r83k0cy08s99sln";
meta = {
homepage = https://wordpress.org;
description = "WordPress is open source software you can use to create a beautiful website, blog, or app.";
license = lib.licenses.gpl2;
maintainers = [ lib.maintainers.basvandijk ];
{ stdenv, fetchurl }:

stdenv.mkDerivation rec {
pname = "wordpress";
version = "5.2.2";

src = fetchurl {
url = "https://wordpress.org/${pname}-${version}.tar.gz";
sha256 = "08iilbvf1gam2nmacj0a8fgldnd2gighmslf9sny8dsdlqlwjgvq";
};

installPhase = ''
mkdir -p $out/share/wordpress
cp -r . $out/share/wordpress
'';

meta = with stdenv.lib; {
homepage = "https://wordpress.org";
description = "WordPress is open source software you can use to create a beautiful website, blog, or app";
license = [ licenses.gpl2 ];
maintainers = [ maintainers.basvandijk ];
platforms = platforms.all;
};
}